Report bug to nic.ru dns api #2547

Closed
rserpent opened this issue Oct 16, 2019 · 23 comments
@rserpent
Contributor

This is the place to report bugs in the nic.ru DNS API.
If you experience a bug, please report it in this issue.
Thanks!

@Neilpang Neilpang added the 3rd party api report bugs to dns api, deploy hooks and notification hooks label Oct 20, 2019
@alikve

alikve commented Nov 8, 2019

grep "$txtvalue"
gives an error when the $txtvalue starts with a dash.

For example, I had a DNS record with the value "-30Q...", this gave the error
grep: invalid option -- 'Q'

I think that this problem can be fixed by using the double dash:
grep -- "$txtvalue"
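The failure described in this comment, as an added example that is not part of the original post or of dns_nic.sh. The record lines are constructed, and the `-F` flag is an addition here (the comment proposes only `--`). Besides the hard error, a value starting with `-e` is silently read as "pattern follows" and matches more than intended.

```sh
#!/bin/sh
# Added example, not code from dns_nic.sh. The record lines are constructed.
records='<rr id="1"><txt><string>-30Qabc</string></txt></rr>
<rr id="2"><txt><string>-eEYM74</string></txt></rr>
<rr id="3"><txt><string>EYM74</string></txt></rr>'

# Unsafe: the value is passed where grep still parses options, so a
# leading "-" turns data into command-line flags.
find_unsafe() {
  printf '%s\n' "$records" | grep "$1" 2>/dev/null
}

# Safe: "--" ends option parsing, so the value is always the pattern.
# -F additionally treats it as a literal string instead of a regex.
find_safe() {
  printf '%s\n' "$records" | grep -F -- "$1"
}

# "-30Q..." is parsed as option characters and rejected as an invalid option.
find_unsafe '-30Qabc' || echo "unsafe lookup failed with status $?"
# The same value is found once option parsing is ended explicitly.
find_safe '-30Qabc'
# "-eEYM74" is parsed as "-e EYM74": no error, but records 2 and 3 match.
find_unsafe '-eEYM74'
# With "--" only the record holding the literal value matches.
find_safe '-eEYM74'
```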

@Neilpang
Member

@slalik

Tell me which line?

@alikve

alikve commented Nov 15, 2019

Line 92 that contains grep "$txtvalue"

@Neilpang
Member

@slalik
fixed. try again with the latest dev branch.

acme.sh --upgrade  -b dev

@alikve

alikve commented Nov 16, 2019

Thank you! I don't know how to do a real test; the problem happens only when the value of the DNS record starts with a dash. But it should work.

@Sergey-Zorin
Contributor

I think the name of the parameter NIC_Token is inconvenient.
Actually it contains the string "<client_id>:<client_secret>" encoded with Base64.
(It's described at https://www.nic.ru/help/oauth-server_5809.html)

Please correct the instructions at https://github.com/Neilpang/acme.sh/wiki/dnsapi#89-use-nicru-dns
or add explicit parameters NIC_ClientId and NIC_ClientSecret.

@alikve

alikve commented Jan 6, 2020

dns_nic.sh writes NIC_Customer to account.conf but reads NIC_Token.
I suppose this is a serious bug.
Probably it can be fixed by
- _saveaccountconf_mutable NIC_Customer "$NIC_Token"
+ _saveaccountconf_mutable NIC_Token "$NIC_Token"
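Review bot: on the + line the value is now saved under NIC_Token, but an account.conf written by the old - line still holds the same token value under the NIC_Customer key, so the read path will not find it there and the stale copy of the credential stays in the file. Consider reading NIC_Customer once as a fallback when NIC_Token is empty, then saving under NIC_Token and clearing the old key.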

@Sergey-Zorin
Contributor

I can offer a pull request in a few days.
How important is backward compatibility?
Can I completely get rid of the NIC_Token parameter?

@Neilpang
Member

Neilpang commented Jan 6, 2020

@slalik fixed. try again with dev branch

acme.sh --upgrade -b dev

@rserpent
Contributor Author

rserpent commented Jan 6, 2020

I think we can easily change the NIC_Token parameter and break backward compatibility, but changing the docs is a better way.

@Neilpang
Member

Neilpang commented Jan 6, 2020

@rserpent please send PR

@rserpent
Contributor Author

rserpent commented Jan 6, 2020

@alikve

alikve commented Jan 6, 2020

@slalik fixed. try again with dev branch

acme.sh --upgrade -b dev

It works, thank you!

@Sergey-Zorin
Contributor

Sergey-Zorin commented Jan 6, 2020

@rserpent please send PR

I've sent PR 2678.
After merging the PR, it will be necessary to correct the documentation:

export NIC_Username='000000/NIC-D'
export NIC_Password='xxxxxxxx'
export NIC_ClientID='xxxxxxxx'
export NIC_ClientSecret='xxxxxxxx'

The new behavior is backward compatible with the old implementation.
If NIC_ClientID or NIC_ClientSecret are not available from the environment or saved config,
the script tries to find the old NIC_Token and uses it to calculate NIC_ClientID and NIC_ClientSecret.

@Sergey-Zorin
Contributor

There is a bug at line 149 in dns_nic.sh:

      _service=$(printf "%s" "$response" | grep "$_domain" | sed -r "s/.*service=\"(.*)\".*$/\1/")

In my case $response is the following:

<?xml version="1.0" encoding="UTF-8" ?>
<response>
   <status>success</status>
   <data>
      <zone ... idn-name="sunnysmile.ru" name="sunnysmile.ru" service="prst-zorin-ru" />
      <zone ... idn-name="zorina.ru" name="zorina.ru" service="prst-zorin-ru" />
      <zone ... idn-name="zorin.ru" name="zorin.ru" service="prst-zorin-ru" />
   </data>
</response>

This causes an error in the log:

[Mon Jan  6 21:01:17 MSK 2020] _domain='zorin.ru'
[Mon Jan  6 21:01:17 MSK 2020] _service='prst-zorin-ru
prst-zorin-ru
prst-zorin-ru'
[Mon Jan  6 21:01:17 MSK 2020] Adding record
[Mon Jan  6 21:01:17 MSK 2020] services/prst-zorin-ru
prst-zorin-ru
prst-zorin-ru/zones/zorin.ru/records
[Mon Jan  6 21:01:17 MSK 2020] data='<?xml version="1.0" encoding="UTF-8" ?><request><rr-list><rr><name>_acme-challenge</name><type>TXT</type><txt><string>EYM74bdWjRdvczHnnekiFueeSQkSOvuGIbCQ4Xai0WY</string></txt></rr></rr-list></request>'
[Mon Jan  6 21:01:17 MSK 2020] PUT
[Mon Jan  6 21:01:17 MSK 2020] _post_url='https://api.nic.ru/dns-master/services/prst-zorin-ru
prst-zorin-ru
prst-zorin-ru/zones/zorin.ru/records'
[Mon Jan  6 21:01:17 MSK 2020] body='<?xml version="1.0" encoding="UTF-8" ?><request><rr-list><rr><name>_acme-challenge</name><type>TXT</type><txt><string>EYM74bdWjRdvczHnnekiFueeSQkSOvuGIbCQ4Xai0WY</string></txt></rr></rr-list></request>'
[Mon Jan  6 21:01:17 MSK 2020] _postContentType
[Mon Jan  6 21:01:17 MSK 2020] Http already initialized.
[Mon Jan  6 21:01:17 MSK 2020] _CURL='curl -L --silent --dump-header /home/zorin/.acme.sh/http.header  -g '
[Mon Jan  6 21:01:17 MSK 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Jan  6 21:01:17 MSK 2020] _ret='3'
[Mon Jan  6 21:01:17 MSK 2020] Add TXT record error
[Mon Jan  6 21:01:17 MSK 2020] Error add txt for domain:_acme-challenge.zorin.ru

This bug was fixed in PR 2678 mentioned above.
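Why the quoted pipeline returns three lines, as an added example that is not part of the original comment and is not the change made in PR 2678. The zone list is the response quoted above; `service_exact` is a hypothetical stricter lookup written for this illustration. The unescaped `.` in `zorin.ru` also matches the `-` in `service="prst-zorin-ru"`, so every zone line is selected and the multi-line result ends up in the request URL.

```sh
#!/bin/sh
# Added example. Zone list copied from the response quoted in the comment
# (the "..." stands for attributes elided there).
response='<?xml version="1.0" encoding="UTF-8" ?>
<response>
   <status>success</status>
   <data>
      <zone ... idn-name="sunnysmile.ru" name="sunnysmile.ru" service="prst-zorin-ru" />
      <zone ... idn-name="zorina.ru" name="zorina.ru" service="prst-zorin-ru" />
      <zone ... idn-name="zorin.ru" name="zorin.ru" service="prst-zorin-ru" />
   </data>
</response>'

# Same pipeline as the quoted line 149 (sed -E instead of -r for portability):
# the domain is used as a regex and may match anywhere on the line.
service_unanchored() {
  printf '%s' "$response" | grep "$1" | sed -E 's/.*service="(.*)".*$/\1/'
}

# Hypothetical stricter lookup: match the name attribute literally, keep one
# result, and refuse values that are not a single URL-safe token.
service_exact() {
  _svc=$(printf '%s\n' "$response" \
    | grep -F -- " name=\"$1\"" \
    | sed -n 's/.* service="\([^"]*\)".*/\1/p' \
    | head -n 1)
  case "$_svc" in
    '' | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  printf '%s\n' "$_svc"
}

echo "unanchored lines: $(service_unanchored 'zorin.ru' | wc -l | tr -d ' ')"
echo "exact: $(service_exact 'zorin.ru')"
```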

@Sergey-Zorin
Contributor

#2678 has been merged.
Docs updated: https://github.com/Neilpang/acme.sh/wiki/dnsapi#89-use-nicru-dns

@Alexilmarranen
Contributor

Alexilmarranen commented Aug 12, 2020

I have the same problem:

docker run --rm -it -v /root/temp:/acme.sh --env-file=/root/site/.env --net=host neilpang/acme.sh --issue --test --dns dns_nic -d example.com
[Wed Aug 12 10:05:46 UTC 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Aug 12 10:05:46 UTC 2020] Single domain='example.com'
[Wed Aug 12 10:05:46 UTC 2020] Getting domain auth token for each domain
[Wed Aug 12 10:05:49 UTC 2020] Getting webroot for domain='example.com'
[Wed Aug 12 10:05:49 UTC 2020] Adding txt value: oBep6uuK551IGH2JMtHThlgtSU8weTl5OifVW2jtc8s for domain: _acme-challenge.example.com
[Wed Aug 12 10:05:49 UTC 2020] Getting NIC auth token
[Wed Aug 12 10:05:51 UTC 2020] Token received
[Wed Aug 12 10:05:51 UTC 2020] Adding record
[Wed Aug 12 10:05:51 UTC 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Wed Aug 12 10:05:51 UTC 2020] Add TXT record error
[Wed Aug 12 10:05:51 UTC 2020] Error add txt for domain:_acme-challenge.example.com
[Wed Aug 12 10:05:51 UTC 2020] Please add '--debug' or '--log' to check more details.
[Wed Aug 12 10:05:51 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

acme.sh version 2.8.7

What can I do about it?

@Alexilmarranen
Contributor

I figured out this problem:
There are two services in my NIC account and the created url tries to take both services.
A good solution for most users is to use only the first service (usually the primary DNS zone).

@Alexilmarranen
Contributor

@Sergey-Zorin Could you please check this small fix for regression. Thx

@atasenko

Looks like nic.ru changed something in their API. About 2 weeks ago my script started to generate the following error when trying to issue new certs:

[Thu Aug 11 11:21:02 MSK 2022] Token received
[Thu Aug 11 11:21:02 MSK 2022] _auth_token='token_type:Bearer'
[Thu Aug 11 11:21:02 MSK 2022] First detect the root zone
[Thu Aug 11 11:21:02 MSK 2022] zones
[Thu Aug 11 11:21:02 MSK 2022] GET
[Thu Aug 11 11:21:02 MSK 2022] url='https://api.nic.ru/dns-master/zones'
[Thu Aug 11 11:21:02 MSK 2022] timeout=
[Thu Aug 11 11:21:02 MSK 2022] Http already initialized.
[Thu Aug 11 11:21:02 MSK 2022] _CURL='curl --silent --dump-header /usr/local/letsencrypt/http.header -L --trace-ascii /tmp/tmp.rZAQStqtWW -g '
[Thu Aug 11 11:21:02 MSK 2022] ret='0'
[Thu Aug 11 11:21:02 MSK 2022] Error: Access token expired or not found
[Thu Aug 11 11:21:02 MSK 2022] Invalid domain
[Thu Aug 11 11:21:02 MSK 2022] Error add txt for domain:_acme-challenge.mydomain.ru
[Thu Aug 11 11:21:02 MSK 2022] _on_issue_err

I fixed it by changing line 138 in dns_nic.sh:
_auth_token=$(printf "%s" "$res" | cut -d , -f1 | tr -d "{" | tr -d "\"" | sed "s/access_token://")
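Positional parsing of the token response depends on field order, which is how a value like `token_type:Bearer` can end up being used as the token. The following is an added example, not part of the original comment or of dns_nic.sh: `get_access_token` is a hypothetical helper that selects the field by key and fails when it is absent. The JSON bodies, their field order and the token value are constructed.

```sh
#!/bin/sh
# Added example. Both responses are constructed; the real API's field order
# is an assumption made only to show the two cases.
res_token_first='{"access_token":"CONSTRUCTED-TOKEN-123","expires_in":14400,"token_type":"Bearer"}'
res_token_last='{"token_type":"Bearer","expires_in":14400,"access_token":"CONSTRUCTED-TOKEN-123"}'

# The pipeline from the comment above: takes whatever the first field is.
token_first_field() {
  printf "%s" "$1" | cut -d , -f1 | tr -d "{" | tr -d "\"" | sed "s/access_token://"
}

# Hypothetical helper: pick the value by key, independent of position,
# and return non-zero instead of handing back some other field.
get_access_token() {
  _tok=$(printf '%s' "$1" | tr -d '\n' \
    | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$_tok" ] || return 1
  printf '%s\n' "$_tok"
}

echo "first field, token first: $(token_first_field "$res_token_first")"
echo "first field, token last:  $(token_first_field "$res_token_last")"
echo "by key, token last:       $(get_access_token "$res_token_last")"
get_access_token '{"error":"invalid_grant"}' || echo "no access_token in response"
```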

@Alexilmarranen
Contributor

Alexilmarranen commented Aug 11, 2022 via email

@Alexilmarranen
Contributor

I confirm the fix is correct - I checked it on four installations with three domains (including in the pfSense bsd port)

@atasenko Can you create a PR?

atasenko added a commit to atasenko/acme.sh that referenced this issue Aug 12, 2022
Alexilmarranen added a commit to Alexilmarranen/acme.sh that referenced this issue Aug 23, 2022
@mihakot

mihakot commented Mar 15, 2024

Hello
have some problem

[Пт мар 15 16:43:37 MSK 2024] Adding record
[Пт мар 15 16:43:37 MSK 2024] services/******/zones/*****/records
[Пт мар 15 16:43:37 MSK 2024] data='<?xml version="1.0" encoding="UTF-8" ?><request><rr-list><rr><name>_acme-challenge</name><type>TXT</type><txt><string>8sQuKYY3eWU_gF8XfC2-RGCldzl8lp0clpQsihM22PY</string></txt></rr></rr-list></request>'
[Пт мар 15 16:43:37 MSK 2024] PUT
[Пт мар 15 16:43:37 MSK 2024] _post_url='https://api.nic.ru/dns-master/services/****/zones/****/records'
[Пт мар 15 16:43:37 MSK 2024] body='<?xml version="1.0" encoding="UTF-8" ?><request><rr-list><rr><name>_acme-challenge</name><type>TXT</type><txt><string>8sQuKYY3eWU_gF8XfC2-RGCldzl8lp0clpQsihM22PY</string></txt></rr></rr-list></request>'
[Пт мар 15 16:43:37 MSK 2024] _postContentType
[Пт мар 15 16:43:37 MSK 2024] Http already initialized.
[Пт мар 15 16:43:37 MSK 2024] _WGET='wget -q -d  --content-on-error  --no-check-certificate '
[Пт мар 15 16:43:37 MSK 2024] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 2
Setting --content-on-error (contentonerror) to 1
Setting --check-certificate (checkcertificate) to 0
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/3.0.8 (https://github.com/acmesh-official/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Authorization: Bearer **********
Setting --header (header) to Content-Type: application/xml
Использование: wget [ПАРАМЕТР]... [URL]...

Дополнительные параметры выводятся по команде «wget --help».
[Пт мар 15 16:43:37 MSK 2024] options='/^[^ ][^ ]/d; /^ *$/d'
[Пт мар 15 16:43:37 MSK 2024] Using sed  -i
[Пт мар 15 16:43:37 MSK 2024] options='s/^  //g'
[Пт мар 15 16:43:37 MSK 2024] Using sed  -i
[Пт мар 15 16:43:37 MSK 2024] _ret='2'
[Пт мар 15 16:43:37 MSK 2024] Add TXT record error

